β Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure β
π Read
via "Threat Post".
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.π Read
via "Threat Post".
Threat Post
Public Clouds & Shared Responsibility: Lessons from Vulnerability Disclosure
Much is made of shared responsibility for cloud security. But Oliver Tavakoli, CTO at Vectra AI, notes there's no guarantee that Azure or AWS are delivering services in a hardened and secure manner.
βΌ CVE-2019-3556 βΌ
π Read
via "National Vulnerability Database".
HHVM supports the use of an "admin" server which accepts administrative requests over HTTP. One of those request handlers, dump-pcre-cache, can be used to output cached regular expressions from the current execution context into a file. The handler takes a parameter which specifies where on the filesystem to write this data. The parameter is not validated, allowing a malicious user to overwrite arbitrary files where the user running HHVM has write access. This issue affects HHVM versions prior to 4.56.2, all versions between 4.57.0 and 4.78.0, as well as 4.79.0, 4.80.0, 4.81.0, 4.82.0, and 4.83.0.π Read
via "National Vulnerability Database".
π΄ North Korea's Lazarus Group Turns to Supply Chain Attacks π΄
π Read
via "Dark Reading".
State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.π Read
via "Dark Reading".
Dark Reading
North Korea's Lazarus Group Turns to Supply Chain Attacks
State-backed group is among a growing number of threat actors looking at supply chain companies as an entry point into enterprise networks.
β SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike β
π Read
via "Threat Post".
Say hello to what could be the next big spam player: SquirrelWaffle, which is spreading with increasing frequency via spam campaigns and infecting systems with a new malware loader.π Read
via "Threat Post".
Threat Post
SquirrelWaffle Loader Malspams, Packing Qakbot, Cobalt Strike
SquirrelWaffle, a new malware loader, is mal-spamming malicious Microsoft Office documents to deliver Qakbot malware and the penetration-testing tool Cobalt Strike β two of the most common threats regularly observed targeting organizations around the world.β¦
π΄ Free Tool Helps Security Teams Measure Their API Attack Surface π΄
π Read
via "Dark Reading".
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.π Read
via "Dark Reading".
Dark Reading
Free Tool Helps Security Teams Measure Their API Attack Surface
Data Theorem's free API Attack Surface Calculator helps security teams understand potential API exposures.
βΌ CVE-2021-23877 βΌ
π Read
via "National Vulnerability Database".
Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a specific temporary file created during the installation of the trial version of MTP.π Read
via "National Vulnerability Database".
βΌ CVE-2020-22864 βΌ
π Read
via "National Vulnerability Database".
A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML.π Read
via "National Vulnerability Database".
βΌ CVE-2021-41866 βΌ
π Read
via "National Vulnerability Database".
MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly.π Read
via "National Vulnerability Database".
β Cyber Attack Cripples Iranian Fuel Distribution Network β
π Read
via "Threat Post".
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.π Read
via "Threat Post".
Threat Post
Cyberattack Cripples Iranian Fuel Distribution Network
The incident triggered shutdowns at pumps across the country as attackers flashed the phone number of Supreme Leader Ali Khamenei across video screens.
ποΈ Attack the block β How a security researcher cracked 70% of urban WiFi networks in one hit ποΈ
π Read
via "The Daily Swig".
A new attack takes advantage of weak WiFi passwordsπ Read
via "The Daily Swig".
The Daily Swig | Cybersecurity news and views
Attack the block β How a security researcher cracked 70% of urban WiFi networks in one hit
A new attack takes advantage of weak WiFi passwords
π΄ Identity-Focused Security Controls Prevail π΄
π Read
via "Dark Reading".
How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.π Read
via "Dark Reading".
Dark Reading
Identity-Focused Security Controls Prevail
How identity and access management strategies held up during the pandemic and tips for putting together an identity security road map.
π΄ Annual Cyber Risk Survey Finds Businesses Are Sharpening Their Focus on Cybersecurity but Also Reveals Much Room for Improvement in Building Cyber-Resilience π΄
π Read
via "Dark Reading".
This year's survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago.π Read
via "Dark Reading".
Dark Reading
Annual Cyber Risk Survey Finds Businesses Are Sharpening Their Focus on Cybersecurity but Also Reveals Much Room for Improvementβ¦
This year's survey features the highest percentage of cyber insurance buyers since the beginning of the survey 11 years ago.
π΄ Cynerio Launches IoT Attack Detection and Response Module for Healthcare IoT Devices π΄
π Read
via "Dark Reading".
Module helps hospitals identify, contain, and mitigate threats on devices exhibiting malicious or suspicious behavior.π Read
via "Dark Reading".
Dark Reading
Cynerio Launches IoT Attack Detection and Response Module for Healthcare IoT Devices
Module helps hospitals identify, contain, and mitigate threats on devices exhibiting malicious or suspicious behavior.
π΄ Onfido Acquires EYN to Provide Acoustic-Based Liveness Detection π΄
π Read
via "Dark Reading".
Technology will be incorporated into Onfidoβs Real Identity Platform.π Read
via "Dark Reading".
Dark Reading
Onfido Acquires EYN to Provide Acoustic-Based Liveness Detection
Technology will be incorporated into Onfidoβs Real Identity Platform.
π΄ Cyber Readiness Institute Names Karen S. Evans as New Managing Director π΄
π Read
via "Dark Reading".
Former assistant secretary for cybersecurity, energy security, and emergency response at US Department of Energy and Homeland Security CIO to lead strategic vision and day-to-day operations.π Read
via "Dark Reading".
Dark Reading
Cyber Readiness Institute Names Karen S. Evans as New Managing Director
Former assistant secretary for cybersecurity, energy security, and emergency response at US Department of Energy and Homeland Security CIO to lead strategic vision and day-to-day operations.
π΄ Avast Business Introduces Network Discovery for SMBs π΄
π Read
via "Dark Reading".
Avast's Network Discovery enables network administrators to easily analyze their entire IT network and deploy Avast Business security services.π Read
via "Dark Reading".
Dark Reading
Avast Business Introduces Network Discovery for SMBs
Avast's Network Discovery enables network administrators to easily analyze their entire IT network and deploy Avast Business security services.
π΄ ThycoticCentrify Integrates Secret Server With Privileged Access Management Platform π΄
π Read
via "Dark Reading".
Combination avails Secret Server customers to a range of SaaS services.π Read
via "Dark Reading".
Dark Reading
ThycoticCentrify Integrates Secret Server With Privileged Access Management Platform
Combination avails Secret Server customers to a range of SaaS services.
βΌ CVE-2021-41872 βΌ
π Read
via "National Vulnerability Database".
Skyworth Digital Technology Penguin Aurora Box 41502 has a denial of service vulnerability, which can be exploited by attackers to cause a denial of service.π Read
via "National Vulnerability Database".
ποΈ Data breach at Colorado university impacts 30,000 students ποΈ
π Read
via "The Daily Swig".
Atlassian vulnerability believed to be attack vectorπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.
π¦Ώ Microsoft warns of new supply chain attacks by Russian-backed Nobelium group π¦Ώ
π Read
via "Tech Republic".
The cybercrime group behind the SolarWinds hack remains focused on the global IT supply chain, says Microsoft, with 140 resellers and service providers targeted since May.π Read
via "Tech Republic".
ποΈ βProfessional cybercriminalsβ blamed for DDoS attacks against UK telecoms providers ποΈ
π Read
via "The Daily Swig".
Packet in, says industry groupπ Read
via "The Daily Swig".
portswigger.net
Web Application Security, Testing, & Scanning - PortSwigger
PortSwigger offers tools for web application security, testing, & scanning. Choose from a range of security tools, & identify the very latest vulnerabilities.